Uploaded image for project: 'Tapestry'
  1. Tapestry
  2. TAPESTRY-1604

Attributes of elements do not have entity values quoted (including the " character itself) resulting in invalid markup

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 5.0.5
    • Fix Version/s: 5.0.6
    • Component/s: None
    • Labels:
      None

      Description

      Simple example to demonstrate. The initial value of fullName in the bean has a couple of quotes in it. These are written directly to the HTML output instead of being turned into " entities.

      import org.apache.tapestry.annotations.Persist;

      public class Example {

      @Persist
      private MyBean myBean;

      public MyBean getMyBean()

      { return myBean; }

      public void setMyBean(MyBean myBean)

      { this.myBean = myBean; }

      }

      public class MyBean {
      private String fullName = "Fred \"Fredmeister\" Flintstone";

      public String getFullName()

      { return fullName; }

      public void setFullName(String fullName)

      { this.fullName = fullName; }

      }

      Example.html:

      <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_0_0.xsd">
      <body>
      <t:beanEditForm object="myBean" />
      </body>
      </html>

        Activity

        Hide
        david_peterson David Peterson added a comment -

        This problem also occurs with the TextField component. It is not a problem with the TextArea component.

        A workround is to explicitly set the "translate" property of all TextFields (for the BeanEditForm you have to provide blocks for each of them) to an instance of the following Translator:

        import org.apache.tapestry.translator.StringTranslator;

        public class SafeStringTranslator extends StringTranslator {

        public String toClient(String value)

        { return escapeXmlCharacters(super.toClient(value)); }

        private String escapeXmlCharacters(String s)

        { return s .replaceAll("&", "&") .replaceAll("\"", """) .replaceAll(">", ">") .replaceAll("<", "<"); }

        }

        Show
        david_peterson David Peterson added a comment - This problem also occurs with the TextField component. It is not a problem with the TextArea component. A workround is to explicitly set the "translate" property of all TextFields (for the BeanEditForm you have to provide blocks for each of them) to an instance of the following Translator: import org.apache.tapestry.translator.StringTranslator; public class SafeStringTranslator extends StringTranslator { public String toClient(String value) { return escapeXmlCharacters(super.toClient(value)); } private String escapeXmlCharacters(String s) { return s .replaceAll("&", "&") .replaceAll("\"", """) .replaceAll(">", ">") .replaceAll("<", "<"); } }
        Hide
        hlship Howard M. Lewis Ship added a comment -

        Although this was originally posed as an issue on the BeanEditForm, it's actually part of the DOM implementation used to render pages in general.

        Show
        hlship Howard M. Lewis Ship added a comment - Although this was originally posed as an issue on the BeanEditForm, it's actually part of the DOM implementation used to render pages in general.

          People

          • Assignee:
            hlship Howard M. Lewis Ship
            Reporter:
            david_peterson David Peterson
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development